Privacy Policy

Effective Date: August 18, 2023

The existence of this Privacy Policy is a commitment from PT Privy Identity Digital (hereinafter referred to as "Privy") to respect and protect any User's personal data or information through the https://privy.id site, its derivative sites, as well as the Privy Application (hereinafter referred to as the “Site” and “Application” respectively). This Privacy Policy applies only to Privy services, including but not limited to PrivySign, PrivyPass, and other services provided by Privy over time (hereinafter referred to as the “Privy Service”). This Privacy Policy is intended to provide Privy Users with information regarding how Privy undertakes the collection, processing, transformation, disclosure, retention, securing, analysis, erasure, and/or destruction of the personal data of Privy Users for the purpose of the Privy Service (hereinafter referred to as the “Processing” or “To Process” or “Being Processed”). By using the Privy Services, Users understand that Privy will process User personal data as described in this Privacy Policy. Use of Privy is governed by this Privacy Policy and the Terms of Use of the Privy Services. The definitions used in this Policy refer to the definitions described in the Privy Service Terms of Use.

This Privacy Policy shall become effective upon the User’s explicit consent to this Privacy Policy, either expressly or through the methods outlined within this Privacy Policy.

1. PERSONAL DATA PROCESSED BY PRIVY

To create a Privy Account and utilize the Privy Service, Users are required to provide their Personal Data to Privy accurately, clearly, precisely, and comprehensively. In the event that a User fails to provide the obligatory Personal Data as specified herein, or provides statements and guarantees, information, or Personal Data that are false, unclear, inaccurate, and/or incomplete, Privy retains the right to reject the application for creating a Privy Account for the User and to suspend or terminate partially or entirely the Privy Services granted to the User.

Privy may process Personal Data of Privy Users, whether of a general and/or specific/sensitive nature, under the following conditions:

  1. At the time of User Account Creation for Privy

    The User is required to provide Basic Data for the purpose of creating a Privy account. Personal Data including but not limited to:

    1. Full Name
    2. Place and Date of Birth
    3. A copy of the User's Identity Card (KTP) issued by Indonesia’s Government. Privy may request other supporting documents including but not limited to Family Card (KK), Driving License (SIM), Passport, and/or a certificate from a company as a supporting document for the identification and authentication process of the Electronic Certificate application, if required (including the information contained therein);
    4. Cell phone numbers;
    5. Electronic mail addresses, and/or
    6. Biometric data.

  2. Data that Privy collects automatically

    When Users use Privy Services, Privy will automatically collect Personal Data such as IP Addresses, login information, geolocation, browser client & version, timestamp of activities, operating system, and User transaction data related to the use of Privy Services.

  3. User-provided data

    When Users use Privy Services, including Privy Services through Third Parties, Users may provide other Personal Data (other than those referred to in points a and b above) to Privy from time to time for specific purposes mutually agreed upon by the User and Privy.

  4. Data that Privy collects from Third Parties

    Users can create a Privy Account through a Third Party to access or use the services provided by that Third Party. The third-party that provides the Privy Account creation service is the registration authority. The registration authority will then forward the Personal Data information that the User provided at the time of registration to Privy to create a User's Privy Account.

  5. Cookie

    Privy uses cookies as long as the User uses the Privy Service, in improving the quality of the Privy service, to recognize and remember certain information on the User's browser including session management, service personalization, and user activity recording. The User can choose to disable cookies in the User's browser, but if the user disables cookies, certain functions of the Site's services will be limited.

2. PURPOSE OF PERSONAL DATA PROCESSING FOR USER

Privy processes User's Personal Data for the following purposes:

  1. Provide Privy Service, such as:
    1. Issuing PrivyID, creating Privy Account, as well as issuing, managing, and revoking Electronic Certificates issued by Privy.
    2. Collecting, recording, and analyzing data related to user activities involving the Privy Service
    3. Notifying the User regarding transactions and/or activities occurring within the Privy Application or other systems connected to the Privy Application
  2. The transmission of information regarding the Privy Service, updates, developments, and/or enhancements of the Privy Service, or services provided by Third Parties collaborating with Privy
  3. Internal purposes, including but not limited to audits and analysis related to the development, maintenance, testing, troubleshooting, enhancement, and customization of the Privy Service to meet the needs and preferences of User.
  4. Fulfilment of Privy’s obligation to competent authorities in accordance with prevailing statutory regulations.
  5. Personalization of the Privy Application and/or Service for User provided by Privy and/or Third Parties collaborating with Privy
  6. Processing user requests in connection with the Privy Service, including but not limited to access, correction, updating, and/or deletion/destruction of the user’s Personal Data within the Privy system, as well as contacting the user regarding such user requests.
  7. Other purposes as long as those purposes are not prohibited by applicable laws and regulations. Privy will inform the User about those other purposes when seeking the User’s consent if required by applicable laws and regulations, which Privy is required to obtain consent for.

3. DISCLOSURE OF PERSONAL USER DATA WITHIN THE TERRITORY OF THE REPUBLIC OF INDONESIA

Privy will openly provide access, transmit, convey, deliver, and/or disclose (hereinafter referred to as the “Disclosing” or “Disclosure”) User's Personal Data, which is contained in the Privy system. The disclosure of the User’s Personal Data is carried out in affiliation with Privy and other parties (as mentioned in this Privacy Policy) for the following purposes and for other purposes permitted by applicable laws and regulations:

  1. In order to enable Privy to provide the Privy Service and/or to perform or render services to User, including but not limited to disclosures to:
    1. Other Users, as parties directly associated with the User in relation to the User’s utilization of the Privy Service;
    2. Agents, contractors, or Third Party who provide services to Privy enabling Privy to provide services to its User in connection with the use of their Personal Data. These Agents, contractors, or Third Party render services to Privy in the form of verification, authentication, analysis, promotions, fraud detection, payment, or other User support. Privy ensures that such agents, contractors, or Third Party will only utilize the User's Personal Data as necessary to support Privy Service.
    3. The organization or legal entity to which the User is associated and registered through the Privy Service.
    4. Other Third Parties associated with the collaboration with the aforementioned parties in order to assist Privy in providing the Privy Service. This includes the provision of services that handle complaints, insurance, enabling Third Party services to be offered within the Privy Application, processing all forms of User activities within the Application or platforms connected to the Application, and other lawful purposes as long as they are not prohibited by applicable laws and regulations.
  2. Fulfilment of legal obligations and regulations related to the process of law enforcement and/or preventive measures in connection with unlawful activities, alleged criminal acts, legal violations, or legislative regulations. In this regard, Privy may disclose User’s Personal Data to individuals, organizations, entities, or governmental authorities, or legitimate law enforcement agencies, who can provide valid evidence to Privy and demonstrate that they are authorized and/or obligated by legal rules and/or competent authorities that impose a legal obligation on Privy to disclose User's Personal Data to such party.
  3. The activities of consolidation, merger, acquisition, buy and sell assets, restructuring, financing, or any other corporate actions in accordance with the applicable laws and regulations, which in their implementation involve Privy as the party undertaking such activities with other parties or with respect to other companies, or Privy as the party being consolidated or merged with another company or being acquired by another company or receiving financing from another company (even if such activities are subsequently not pursued)
  4. To alleviate any User uncertainty, Privy does not engage in the sale and/or distribution of User’s Personal Data to any third parties other than those explicitly consented to by the User in this Privacy Policy. Privy ensures that only User, Third Party, and/or other parties authorized by the User, are permitted to access and/or view Electronically Uploaded Document or Personal Data contained within the User Privy Account
  5. In the event that the User grants consent to a Third Party to utilize the Privy Account to access or avail service provided by Third Party, the utilization of the User’s Personal Data by the Third Party is subject to the terms and conditions and/or privacy policy of the Third Party.
  6. The User acknowledges that Privy may disclose User’s Personal Data outside the territory of the Republic of Indonesia in connection with the Privy Service. In relation to this matter, Privy shall comply with all applicable laws and regulations.

4. SECURITY OF USER PERSONAL DATA

Privy makes careful security and storage efforts to protect the confidentiality of User's Personal Data from time to time. Any content uploaded and sent by Users to the Privy Service will be stored securely and sent confidentially using industry standards for securing electronic information. Privy sets high standards for information security; please note that Privy is ISO 27001:2013 certified regarding Information Security Management Systems and ISO 27701:2019 certified regarding Privacy Information Management Systems.

The User is responsible for keeping the User's Privy Account details confidential from anyone, including the User's password and the One Time Password (OTP) that Privy may send to the User from time to time, and must always maintain and be responsible for the security of the device that the User uses to access the Privy Service.

5. DATA STORAGE

Privy retains the User's Personal Data for the period required for the purposes of Processing the Personal Data as specified in this Privacy Policy in accordance with the provisions of the applicable laws and regulations.

6. USER CONSENTS

By engaging in any of the actions enumerated below, the User acknowledges and declares that they have read and comprehended the provisions within this Privacy Policy. The User also grants Privy consent to carry out the Processing, Disclosure, and/or storage of the User’s Personal Data in accordance with the stipulations outlined in this Privacy Policy and prevailing legal regulations:

  1. Registered as a User of Privy Service;
  2. User hereby submits Personal Data to Privy for the purpose of Processing, Disclosure, and storage of the User’s Personal Data as defined in this Privacy Policy.
  3. User's Personal Data is stored with the Privy system;
  4. User provides consent as stipulated in the agreement or contract between the User and Privy in connection with the acceptance of collaboration or in connection with the use of Privy Service;
  5. User visits and/or uses the Site and/or Application; and/or
  6. User engages in communication with Privy.

7. USER RIGHTS

  1. Privy provides the User with the rights associated with the User’s Personal Data in accordance with applicable laws and regulations, wherein the User possesses the following rights:
    1. Revocation of Consent
      The User is entitled to revoke their consent for Privy to Process, Disclose, and/or store the User's Personal Data. Upon revocation of such consent, Privy will delete/destroy the User’s Personal Data from the Privy system and cease Processing the User’s Personal Data.

    2. Access Request
      The User has the right to request and obtain a copy of the User’s Personal Data stored on the User’s Privy Account. Granting access and the copy of data to the User will be carried out in accordance with the provisions of the applicable laws and regulations.

    3. Change Request
      The User has the right to change, correct, add, update, complete, and/or rectify any errors or inaccuracies regarding the User's Personal Data stored within the Privy system. Changes of Personal Data in the form of Basic Data can only be made by giving notice to Privy through Privy’s contact. Meanwhile, for categories other than Basic Data, this can be done through the Privy Application. Requests to change the e-mail address and/or cell phone number can be made by the User through the User’s Account with proof of conformity to the User's biometric data. Privy reserves the right to request supporting documents and/or verify changes, additions, or updates to such information and Personal Data in accordance with Privy's procedures. Implementation of the change request will be carried out in accordance with the applicable laws and regulations.

    4. Removal Request
      The User has the right to request Privy to cease processing, delete, and/or destroy the User's Personal Data from the Privy system. Before the aforementioned matter can be processed, the User must fulfil the verification requirements carried out by Privy. Privy reserves the right to ask for reasons for deleting Personal Data from Users. The request for deletion of Basic Data can only be made by giving notification to Privy through Privy's contact. Implementation of the data removal requests will be carried out in accordance with applicable laws and regulations. The impact of deleting Basic Data is the closure of the Privy Account.

  2. Privy is entitled to reject User’s request as mentioned in point (a) above, in the event that:
    1. The User’s request is irrelevant to the User’s Personal Data stored by Privy, including but not limited to cases where the requesting party seeks Personal Data of another party over which they have no authority and/or cannot validly demonstrate their authority over the requested Personal Data; and/or

    2. Privy is prohibited from executing User requests by competent authorities and/or Privy’s internal policy based on applicable laws and regulations.

8. LIMITATION OF LIABILITY

User hereby agrees to release, hold harmless, indemnify, and defend Privy, including any officers, directors, employees, or agents of Privy from and against any and all requests, claims, losses, liabilities, costs, damages, and expenses (including but not limited to legal fees and indemnity expenses) resulting directly or indirectly from:

  1. Any loss due to Personal Data that is intercepted, accessed, stolen, disclosed, altered, or destroyed by an unauthorized Third Party, due to factors beyond Privy's control and/or contrary to this Privacy Policy and the applicable laws and regulations, including those resulting from User error or negligence;
  2. The security and confidentiality of Personal Data that have undergone Processing, Disclosure, and/or storage by the User to the public or Third Parties, whether the Processing, Disclosure, and/or storage are conducted by the User or any party other than Privy, and such Processing, Disclosure, and/or storage occurs not due to the negligence and/or fault of Privy in protecting the User’s Personal Data;
  3. All risks and/or consequences arising from the negligence and/or personal errors committed by the User in maintaining the security and confidentiality of the User’s Personal Data; and/or
  4. All consequences arising from the utilization of any media and/or application that the User employs to Disclose, Process, and/or store the User’s Personal Data, including, among other things, internet networks and cloud storage services.

9. APPLICABLE LAW AND DISPUTE RESOLUTION

  1. These Terms of Use are governed and construed based on the laws of the Republic of Indonesia.
  2. Users and Privy agree that all disputes arising from or relating to matters regulated in this Privacy Policy (including all disputes related to this Privacy Policy) will be resolved by reference to the applicable laws and regulations, particularly those related to personal data protection.

10. LANGUAGE

In the event that this Privacy Policy is displayed in a variety of language choices and there is a discrepancy between one language and another, the Indonesian text will prevail.

11. CONTACT AND NOTIFICATIONS

  1. Notice from Privy
    Every notification from Privy addressed to Users will be announced through the Site and sent via electronic mail (email), short message service (SMS), or push notifications through the Privy Application installed on the User's device registered with Privy.
  2. Notice from User
    1. Any notification from a User addressed to Privy relating to Privy Service becomes effective when the notification is received by Privy via the electronic mail address (e-mail address) helpdesk@privy.id and/or through a physical document sent to PT Privy Identity Digital with the address Jl. Kemang Raya No. 34L, 2nd Floor, Bangka Village, Mampang Prapatan District, South Jakarta 12730, Indonesia.
    2. Any notification from a User relating to this Privacy Policy or Personal Data can be submitted by the User to Privy via e-mail address at dpo@privy.id.

12. CHANGES

  1. Privy has the right to review and change this Privacy Policy from time to time to ensure that the provisions of this Privacy Policy remain consistent with the evolving nature of Privy Service in the future and/or in the event of changes to applicable laws and regulations. In relation to such changes, Privy will notify Users about the changes through notifications as described in Article 12(a) above.
  2. User understands and agrees that the User is responsible for periodically reviewing this Privacy Policy to be informed of the latest information regarding this Privacy Policy from time to time.